Public-Key Certificate

Definition

The public-key certificate acts as a digital identification card that identifies a person or component.

Use

Use your own public-key certificate to identify yourself to others.

You can use someone else's public-key certificate to verify their digital signature.

Structure

A signer's public-key certificate contains the information you need to verify his or her digital signature, namely the public key and the algorithm that was used. Additional information is also included so that you know that this public key actually belongs to the person or component.

There are various formats for storing this information. One standard that is commonly used is the X.509 certificate, which contains the following information:

  • General Information

    • Version

    • Serial number

    • Validity period

  • Certificate Issuer's Information

    • CA's Distinguished Name

  • Certificate Owner's Information

    • Owner's Distinguished Name

    • Owner's public key

    • Asymmetric, cryptographic algorithm used

  • CA's Digital Signature

    • Asymmetric, cryptographic algorithm used

    • CA's digital signature

Note

The CA's signature is also included in the public-key certificate as an additional (and necessary) measure to prove the authenticity of the certificate, the public key, and therefore the digital signature.
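The following added example (not part of the original documentation) uses the OpenSSL command line to show the X.509 fields listed under Structure and the role of the CA's signature described in the Note. It assumes `openssl` is installed; all names, the serial number, and the throwaway keys are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA and owner certificate; every name here is made up.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Minimal request config so the example does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca <prefix> <CN>: create a key pair and a self-signed CA certificate.
make_ca() {
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/O=Example/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert <ca-prefix> <prefix> <CN>: the CA signs the owner's name and public key.
issue_cert() {
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/O=Example/CN=$3" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -set_serial 4660 -sha256 -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# show_fields <prefix>: serial number, validity period, issuer DN, owner DN, algorithms.
show_fields() {
  openssl x509 -in "$WORK/$1.pem" -noout -serial -dates -issuer -subject
  openssl x509 -in "$WORK/$1.pem" -noout -text |
    grep -E 'Version:|Public Key Algorithm:|Signature Algorithm:'
}

# signed_by <ca-prefix> <prefix>: succeeds only if that CA's key produced the signature.
signed_by() { openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1; }

make_ca ca "Example Test CA"
make_ca lookalike "Example Test CA"   # same Distinguished Name, different key pair
issue_cert ca owner "Example Owner"
show_fields owner
signed_by ca owner && echo "CA signature verifies: certificate is authentic"
signed_by lookalike owner || echo "same issuer name, wrong key: certificate rejected"
```

The second check shows why the Distinguished Names alone prove nothing: only the CA's signature binds the owner's name to the public key.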